General

  • Target

    a570d06e08ae46a61c775e3c3fc252bc_JaffaCakes118

  • Size

    26KB

  • Sample

    240818-fd7b3swdph

  • MD5

    a570d06e08ae46a61c775e3c3fc252bc

  • SHA1

    97824b4dd27368429f450625b560196e9bf91a92

  • SHA256

    bf98d045cd97c5b6efc48ceaf1aaf736bb41dddd3d1b4e4b1e6cd42568fe02bc

  • SHA512

    961a25eff7a93948e2ab45026f96453f192153a83e4da4b119ee6a323f5aac7dee70d9927ec77f0ce66299099ed8250583145f869027827196a741e3812ab611

  • SSDEEP

    384:EDmxsvw+nC7+z7pFZowqrdjLRi8JgxEd1iagAAunpe7achfzv/djPmd05KUI5aB1:Eyxsv4Mb+dRdSxEHj1WDFK/UlBfRwk

Malware Config

Extracted

Family

xtremerat

C2

mal3k.no-ip.org

Targets

    • Target

      a570d06e08ae46a61c775e3c3fc252bc_JaffaCakes118

    • Size

      26KB

    • MD5

      a570d06e08ae46a61c775e3c3fc252bc

    • SHA1

      97824b4dd27368429f450625b560196e9bf91a92

    • SHA256

      bf98d045cd97c5b6efc48ceaf1aaf736bb41dddd3d1b4e4b1e6cd42568fe02bc

    • SHA512

      961a25eff7a93948e2ab45026f96453f192153a83e4da4b119ee6a323f5aac7dee70d9927ec77f0ce66299099ed8250583145f869027827196a741e3812ab611

    • SSDEEP

      384:EDmxsvw+nC7+z7pFZowqrdjLRi8JgxEd1iagAAunpe7achfzv/djPmd05KUI5aB1:Eyxsv4Mb+dRdSxEHj1WDFK/UlBfRwk

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks